
mandiant / remote_lookup

Licence: other
Resolves DLL API entrypoints for a process w/ remote query capabilities.

Contributed by FireEye FLARE Team
Author:  David Zimmer <[email protected]>, <[email protected]>
Copyright (C) 2017 FireEye, Inc. All Rights Reserved.
License: GPL

Article link: 
  https://www.fireeye.com/blog/threat-research/2017/06/remote-symbol-resolution.html

This is a small tool which can scan a 32-bit process and build an
export name/address map which can then be queried.

Precompiled binaries can be found in the /bin folder.

It supports single searches, bulk lookups from a file, or requests
from network clients.

Sample remote clients are provided in Python, C#, VB6 and D.

The tool supports the following input formats:
    hexMemoryAddress
    case-insensitive API name
    ws2_32@13 (module@ordinal)
    ntdll!atoi or msvcrt.atoi (module!name or module.name)
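The query forms above, modelled as an added Python example (not the tool's own code or one of its sample clients): a parser that classifies a request line into the four documented forms and resolves it against a constructed export map; the map contents, the invented addresses and the rule for telling a bare hex address from a short all-hex export name are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample export map (addresses invented): per module, export
# name -> address and ordinal -> export name, as the tool's scan would build it.
SAMPLE_EXPORTS = {
    "ws2_32": {"names": {"listen": 0x75A01C20, "socket": 0x75A03E50},
               "ordinals": {13: "listen", 23: "socket"}},
    "ntdll": {"names": {"atoi": 0x77C2F6C0}, "ordinals": {}},
    "msvcrt": {"names": {"atoi": 0x76B51A30, "abs": 0x76B4C210}, "ordinals": {}},
}

@dataclass
class Query:
    kind: str               # "address", "ordinal" or "name"
    module: Optional[str]   # None when the request names no module
    value: object           # int address, int ordinal, or str export name

def parse_query(text):
    """Classify one request line into the README's four input forms (assumed rule:
    a 0x-prefixed token or 6+ bare hex digits is an address, so 'abs' needs module!name)."""
    s = text.strip()
    if s.lower().startswith("0x") or (len(s) >= 6 and re.fullmatch(r"[0-9a-fA-F]+", s)):
        return Query("address", None, int(s, 16))
    m = re.fullmatch(r"(\S+)@(\d+)", s)              # ws2_32@13
    if m:
        return Query("ordinal", m.group(1).lower(), int(m.group(2)))
    m = re.fullmatch(r"([\w-]+)[!.](\S+)", s)        # ntdll!atoi or msvcrt.atoi
    if m:
        return Query("name", m.group(1).lower(), m.group(2))
    return Query("name", None, s)                    # bare, case-insensitive name

def resolve(q, exports=SAMPLE_EXPORTS):
    """Return every (module, export, address) tuple matching q; [] when none."""
    hits = []
    for mod, tbl in exports.items():
        if q.module is not None and mod != q.module:
            continue                                 # request pinned to one module
        if q.kind == "address":
            hits += [(mod, n, a) for n, a in tbl["names"].items() if a == q.value]
        elif q.kind == "ordinal":
            name = tbl["ordinals"].get(q.value)
            if name is not None:
                hits.append((mod, name, tbl["names"][name]))
        else:
            hits += [(mod, n, a) for n, a in tbl["names"].items()
                     if n.lower() == q.value.lower()]
    return hits
```

A bare name such as `ATOI` returns one hit per module that exports it, which is why the module-qualified forms exist.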

This application has the following dependencies:
  - sppe.dll     - PE File Format Library 
  - procLib.dll  - Process Library
  - MSWINSCK.OCX - Microsoft Winsock ActiveX control.

If run as administrator, the application can register these
itself on the first run. The machine will also require the
VB6 runtimes, which are already preinstalled on most systems.

The source for the other libraries can be found here:
  https://github.com/dzzie/libs/tree/master/pe_lib
  https://github.com/dzzie/libs/tree/master/proc_lib

Note: 
-------------------------------------------------------------
proclib does support 64-bit processes and addresses; however,
64-bit support has not yet been added to this tool.